Delve accused of misleading customers with ‘fake compliance’

An Substack post unknown published this week opposes the start-up Delve “false” claims to the satisfaction of “hundreds of customers who comply” with privacy and security laws, which could expose those customers to “criminal charges under HIPAA and significant fines under GDPR.”

Delve is a startup that backed Y Combinator last year announced a $32 million Series A raise at a cost of $300 million. (The round was led by Insight Partners.) On Friday, the founders tried to counter the allegations and on his blogcalling Substack’s post “misleading” and saying it “contains several incorrect statements.”

The Substack post is called “DeepDelver,” who described himself as working on the (now defunct) Delve client.

DeepDelver also reported that it received an email in December that the startup had “released a website with confidential customer reports.” Although Delve CEO Karun Kaushik appears to have assured customers in a follow-up email that they are following through and that no outside group has obtained sensitive information, DeepDelver said they and other customers have grown suspicious.

“Having the same experience with Delve, and realizing that there was something fishy about it, we decided to gather some resources and investigate together,” he wrote.

Their ending? That Delve “lives up to its claim of being the fastest fraud proofing platform, issuing auditor audits instead of rubber stamp verification mills, skipping major requirements and telling customers 100% compliance.”

DeepDelver elaborated on the claims, accusing the startup of providing customers with “evidence of meetings, tests, and methods that have never been done before,” and forcing those customers to “choose between relying on fake evidence or doing a lot of manual work with virtual machines or AI.”

DeepDelver also said that almost all of Delve’s customers appear to have gone through two accounting firms, Accorp and Gradient, which he described as “part of the same service,” operating mainly in India, which is limited to the United States.

Those companies, they said, are rubber-stamping reports produced by Delve. As a result, DeepDelver said that the startup “disrupts” its approach: “By creating auditors’ calculations, test methods, and final reports before independent evaluation, Delve puts itself in the role of both initiators and testers. This is not technology. It is a fraud that prevents all evidence.”

In addition to accusing Delve of misleading its customers, DeepDelver said the startup helps those customers “mislead people by maintaining trusted websites with unprecedented security.”

Regarding its relationship with Delve, DeepDelver said that their company has not published its trust page and does not rely on it to initiate tracking.

Delve responded to the allegations by saying that it does not report listeners at all. Instead, it’s an “automated platform” that enters compliance-related information, then provides auditors with access to that information.

“Final reports and recommendations are provided by independent, certified auditors, not Delve,” the company said.

Delve stated that its clients “can choose to work with an accountant of their choice or choose to work with Delve’s independent, certified third-party accounting firm.” These companies, the founders said, “are established companies that are widely used in all industries, combined with other tracking systems.”

Responding to accusations that it provides customers with “false evidence,” Delve countered that it only provides “templates to help teams document their activities in the same way as other tracking platforms.”

“Preparatory templates are not the same as ‘pre-filled proofs,'” the company said.

Delve added that it is “actively investigating the issue” and is “still evaluating Substack.”

TechCrunch sent an email seeking additional comment to the press contact address on Delve’s website; The email is out. We have also contacted DeepDelver for additional comments.